21-05-2014, 04:39 PM
Distributed Access Control with Privacy Support in Wireless Sensor Networks
Abstract
A distributed access control module in wireless sensor
networks (WSNs) allows the network to authorize and grant
user access privileges for in-network data access. Prior research
mainly focuses on designing such access control modules for
WSNs, but little attention has been paid to protecting users’ identity
privacy when a user is verified by the network for data accesses.
Often, a user does not want the WSN to associate his identity
to the data he requests. In this paper, we present the design,
implementation, and evaluation of a novel approach, Priccess, to
ensure distributed privacy-preserving access control. In Priccess,
users who have similar access privileges are organized into the
same group by the network owner. A network user signs a query
command on behalf of his group and then sends the signed
query to the sensor nodes of his interest. The signature can
be verified by its recipient as coming from someone authorized
without exposing the actual signer. In addition to the theoretical
analysis that demonstrates the security properties of Priccess,
this paper also reports the experimental results of Priccess in a
network of Imote2 motes, which show the efficiency of Priccess
in practice.
INTRODUCTION
The primary purpose of deploying a wireless sensor
network (WSN) is to monitor the physical world and
provide observations for various applications. As WSNs are
usually deployed in an environment that is vulnerable to many
security attacks, it is critical to control the access to the sensor
nodes (e.g., reading sensor data), especially when there are
many users in the system. Additionally, different users may
have different access privileges. For example, in the case of
a WSN deployed in a battlefield, a soldier only needs to
access the data related to his task, but a higher rank officer
often requires information gathering for an overall manoeuvre
and therefore should have more information access privileges
than a soldier [1]. The application will be compromised
if access control is not properly enforced.
RELATED WORK
In the literature, some schemes have been proposed for
achieving access control in sensor networks [1]-[7]. Digital
signatures have been demonstrated to be feasible for
resource-constrained sensor nodes [1], [2]. Some approaches in [3],
[4] make use of the simple operations such as one-way
hash functions and exclusive-OR operations to enable efficient
access control. In addition, the least privilege scheme in [5]
can be used to achieve a specific type of access control,
in which a user can only access the sensor data at a
pre-determined physical path in the field. We observe that all
these works [1]-[5] just focus on designing access control
modules for WSNs, but do not pay attention to protecting
users’ identity privacy when a user is verified by the network
for data accesses.
Adversary Model
We assume that an adversary can launch both outside and
inside attacks. In an outside attack, the adversary may eavesdrop,
copy and replay the transmitted messages in the WSN. Therefore,
for a practical threat model we consider an adversary
that is able to eavesdrop all network communications, as well
as inject bogus messages or forge non-existing links in the
network by launching a wormhole attack. As an inside attack,
we assume that the adversary may compromise and control a
number of sensor nodes subject to his choice. Additionally, we
consider two Sybil attacks: one is that the network owner could
add a user to a group in which other users are impersonated
by the network owner; this would remove the anonymity of
this user. The other is that by presenting multiple identities, a
malicious user can control a substantial fraction of the system
and thereby undermine the security.
CONCLUSION
In this paper, we have proposed a novel protocol to achieve
privacy-preserving access control for WSNs. The security
analysis and experimental results show that our approach is
feasible for real applications. To the best of our knowledge,
until now this is the first secure privacy-preserving access
control scheme for WSNs. Our experiment shows that the
system overhead of the proposed protocol is reasonable in
practical scenarios.
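
Added example (not from the paper or the original post): the abstract describes a user signing a query on behalf of his group so that a sensor node can verify it came from an authorized member without learning which one. The sketch below shows that property with a generic Schnorr-style ring signature over toy parameters. The excerpt does not specify the signature scheme Priccess uses, so the construction, parameters, function names and sample query are all assumptions.

```python
import hashlib
import secrets

# Toy parameters (assumption, NOT secure): exponents are reduced mod P-1,
# which is valid for any base in Z_P* by Fermat's little theorem.
P = 2**127 - 1
Q = P - 1
G = 3

def _h(ring, msg, commit):
    """Hash the group's key list, the query and a commitment to a challenge."""
    data = repr((tuple(ring), bytes(msg), commit)).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q

def keygen():
    x = secrets.randbelow(Q - 1) + 1          # private key
    return x, pow(G, x, P)                    # (private, public)

def ring_sign(msg, ring, j, x_j):
    """Sign msg as member j of ring; the output does not encode j."""
    n = len(ring)
    c, s = [0] * n, [0] * n
    k = secrets.randbelow(Q - 1) + 1
    c[(j + 1) % n] = _h(ring, msg, pow(G, k, P))
    for step in range(1, n):                  # simulate every other member
        i = (j + step) % n
        s[i] = secrets.randbelow(Q)
        c[(i + 1) % n] = _h(ring, msg, pow(G, s[i], P) * pow(ring[i], c[i], P) % P)
    s[j] = (k - x_j * c[j]) % Q               # only a real member key closes the ring
    return c[0], s

def ring_verify(msg, ring, sig):
    """Sensor-node check: accept iff the holder of some key in ring signed msg."""
    c0, s = sig
    if len(s) != len(ring):
        return False
    c = c0
    for y, s_i in zip(ring, s):
        c = _h(ring, msg, pow(G, s_i, P) * pow(y, c, P) % P)
    return c == c0

def demo():
    keys = [keygen() for _ in range(3)]       # constructed group of 3 users
    ring = [pub for _, pub in keys]           # group key list stored on the node
    query = b"READ temperature region=7"      # constructed query command
    sig = ring_sign(query, ring, 1, keys[1][0])
    forged = ring_sign(query, ring, 1, keygen()[0])   # closed with a non-member key
    ok, tampered = ring_verify(query, ring, sig), ring_verify(b"READ all", ring, sig)
    return ok, tampered, ring_verify(query, ring, forged)
```

demo() returns (True, False, False): the member's signed query is accepted, while a tampered query and a signature closed with a non-member key are rejected.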